Image for post
Image for post
Photo by Matthew T Rader on Unsplash

Physical penetration testers have this really cool trick where they’ll swap out a lock’s key core with one that always opens, regardless of the key inserted. Unless you specifically test for this condition, you’d never know. To combat this, a security team needs a “red key” — one that will never open a lock.

What does this have to do with Duo? With the events of this week’s Solarwinds breach, one attack vector allowed the bad actor to access OWA that was protected with Duo two-factor authentication, but the 2FA credentials were never checked.


When you’re statically binding an EPG to a port, you have the option to choose one of three options. Here’s why you never want to never want to select Access (Untagged) and always want to pick either Access-802.1p or Trunk-Tagged.

Image for post
Image for post
Never pick “Mode: Access (Untagged)”!

Access (Untagged)

If this port were in NX-OS mode, the configuration would look like this:

interface eth1/1
switchport mode access
switchport access vlan 50

This mode simply sets the port to an access port, and sets the VLAN that’s associated with the port. There’s no encapsulation since it’s not a trunk port.

Access (802.1p)

interface eth1/1 switchport mode trunk switchport trunk native vlan 50…


My team ran into a nasty ACI bug (CSCva68310) that prevents you from adding nodes during setup to an ACI fabric. Here’s a quick write-up so that the next poor soul that spends WAY too much time struggling with fabric provisioning can hopefully get it fixed straightaway.

The Topology

The team unboxed a brand new trio of APIC-CLUSTER-L3 servers, ran the initial setup from the KVM, and connected them to a Nexus 93180-YC leaf. The 93180 was connected to a 9336 spine. Nothing complicated at all.

The Issue

No matter what the team did, the leaf and spine sat in “Inactive” mode and would…


Image for post
Image for post
Photo by Joe Caione on Unsplash

I refuse to use the stock photo of containers on a ship , so here’s a picture of a puppy instead. You’ll be this happy when you realize how easy it is to deploy k8s with CCP.

I’ve been spending time deep-diving into Cisco Container Platform (CCP), running on the Cisco HyperFlex HCI (HX) platform. If you need to deploy an enterprise-grade container strategy on-prem and in the cloud in a short amount of time without having to move Heaven and Earth to get it done, HX+CCP should be a serious contender.

What is CCP?

Cisco Container Platform is a platform that allows…


Image for post
Image for post
Photo by Emiliano Vittoriosi on Unsplash

Let’s set the stage. The demo stage.

You’re watching a vendor demo. It gives you a perspective of a world full of possibilities, endless optimism, and long weekends at the beach. Your world will be magical: if only you purchase the Infotramatical Elite Defender SaaS Platinum 6000 package. “Better everything, for only $X per month!”

Boom! PO issued. Sale made.

Get in the DeLorean and fast forward a year, and of the 80 life-changing features in the Infotramatic Elite Defender SaaS Platinum platform, your organization has deployed 20% of them, maybe. And it’s just an OK solution. And the only one that uses it is Jane in…


Image for post
Image for post
Photo by Dan Meyers on Unsplash

Most of our large, enterprise companies force their corporate-owned laptops to connect via VPN back to the mothership to access internal resources. However, they force all traffic (Netflix, WebEx, Office 365, etc.) to go through the VPN connection, usually so the traffic flows can be seen by their security perimeter.

But, with everyone and their brother, sister, cousin and pet working remotely, this means that all Internet traffic has to route back through the corporate Internet connections. …


The Daily Mail released an article encouraging gamers to play at reasonable times, citing “Internet congestion” during peak hours. They argue that Internet gamers are responsible for an increase in traffic on the Internet that could disrupt critical business flows.

Let’s look at why the Daily Mail article almost got it right, but missed the mark. As always, the devil is in the details.

This article will explain why you might want to defer your existing game update or new game download until before you head to bed for the night, just to be a Good Internet Citizen.

“There’s no way an online game uses as much as streaming Netflix videos!”

Let’s look…


Image for post
Image for post

Say what?

With everyone working remotely, Cisco WebEx, Zoom, Microsoft Teams and Google Hangouts (not to mention the myriad of other providers) are placing unprecedented demand on the global phone network.

Every time you join a meeting and use your cell phone to dial in, you use a phone trunk to get your call from your home or cell phone to the conference. Each conferencing provider has a finite amount of trunks, and even though they’re increasing capacity, the system is over-burdened.

However, there is something small that you can do: when you join a meeting, use the VoIP option. Have the…


Image for post
Image for post
Photo by Stem List on Unsplash

We’ve gotten a few questions from our clients about using Cisco WebEx to hold all-hands online meetings, either for their employees or customers.

Here’s a quick primer on how to ensure that your meetings run smoothly and without interruption, as well as answer some frequently asked questions we get.

Let’s jump right in, but before we do, keep this in mind. If you haven’t used online meetings before, PRACTICE BEFORE THE REAL MEETING! Do a dry run, get a few people online. Have someone show up in their bathrobe on video. Kick them out.

There are multiple options?

WebEx has…


Learning the hard way so you don’t have to.

Overview

When you deploy a Cisco ENCS 5400 appliance (specifically the 5412), there’s not a lot of clarity in the official Cisco documentation about the different modes. I hope if you’re looking for clarity, that this helps you get through your installation.

Let’s start at the beginning.

From a physical hardware perspective, the ENCS 5400 appliances have two different places for hard drives. They have an internal SSD (Figure 4)and two external 2.5" hard drive slots for SSD or HDD (Figure 6).

Image for post
Image for post
Internals of an ENCS 5412

When you purchase an ENCS 5412, you can load it…

Liam Keegan

Data center/security/collab hack, CCIE #5026, focusing on automation, programmability, operational efficiency and getting rid of technical debt.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store